Secure acceleration of DSS signatures using insecure server
Small units like chip cards (smart card) have the possibility of computing, storing and protecting data. Today such chip cards have limited computing power and some cryptoprotocols are too slow. Some new chip cards with secure coprocessors are coming but are not very reliable at the moment and a little bit expensive.
A possible alternative solution is to use an auxiliary unit in order to help the chip card. The known protocols are not very secure or are not efficient.
We show how to accelerate the computation of a x b mod c and of a t mod c where a, b, c, t are public. Next we show how to accelerate the discrete exponential modulo a prime number: this protocol is useful to accelerate DSS signatures and other schemes. This protocol is also the first one accelerating DSS signatures with the help of an insecure server: it is secure against both passive and active attacks (that is, when the server sends false values to get some information from the card). Moreover, this protocol is the first secure such a protocol which does not use precomputations in the card.
We describe a feasible version of these protocols, where the used RAM is small: with current chip cards it is thus possible to implement effectively such protocols.
KeywordsPrime Number Smart Card Active Attack Modular Multiplication Secure Link
Unable to display preview. Download preview PDF.
- 1.Anderson, R. J.: Attack on server-assisted authentication protocols. Electronic Letters (1992) p. 1473.Google Scholar
- 2.Brickell, E., Gordon, D. M., McCurley, K. S., Wilson, D.: Fast exponentiation with precomputation. In Advances in Cryptology — Proceedings of Eurocrypt '92 (1993) vol. Lecture Notes in Computer Science 658 Springer-Verlag pp. 200–207.Google Scholar
- 3.Couvreur, C., Quisquater, J.-J.: An introduction to fast generation of large prime numbers. Philips Journal of Research (1982) pp. 231–264.Google Scholar
- 4.Kawamura, S., Shimbo, A.: Fast server-aided secret computation protocols for modular exponentiation. IEEE Journal on selected areas communications 11 (1993).Google Scholar
- 5.Matsumoto, T., Imai, H., Laih, C.-S., Yen, S.-M.: On verifiable implicit asking protocols for RSA computation. In Advances in Cryptology — Proceedings of Auscrypt' 92 (1993) vol. Lecture Notes in Computer Science 718 Springer-Verlag pp. 296–307.Google Scholar
- 6.Matsumoto, T., Kato, K., Imai, H.: Speeding up secret computation with insecure auxiliary devices. In Advances in Cryptology — Proceedings of Crypto '88 (1989) vol. Lecture Notes in Computer Science 403 Springer-Verlag pp. 497–506.Google Scholar
- 7.NIST: FIPS 186 for Digital Signature Standard (DSS).Google Scholar
- 8.Pfitzmann, B., Waidner, M.: Attacks on protocols for server-aided RSA computation. In Advances in Cryptology — Proceedings of Eurocrypt '92 (1993) vol. Lecture Notes in Computer Science 658 Springer-Verlag pp. 153–162.Google Scholar
- 9.Quisquater, J.-J., Soete, M. D.: Speeding up smart card RSA computation with insecure coprocessors. In Procedings of Smart Cards 2000 (1989) pp. 191–197.Google Scholar
- 10.Rivest, R., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM 21 (1978) pp. 120–126.Google Scholar
- 11.Schnorr, C.: Efficient identification and signatures for smart cards. In Advances in Cryptology — Proceedings of CRYPTO '89 (1990) vol. Lecture Notes in Computer Science 435 Springer-Verlag pp. 235–251.Google Scholar
- 12.Yen, S.-M., Laih, C.-S.: More about the active attack on the server-aided secret computation protocol. Electronic Letters (1992) p. 2250.Google Scholar